TOTP Settings for Persons

iSecurity Multi-Factor Authentication supports the use of Time-based One-Time Password (TOTP) authenticators in accordance with RFC 6238.

Supported TOTP authenticators include Google Authenticator, Microsoft Authenticator, IBM Verify, and ReinerSCT Authenticator; any other TOTP application that adheres to RFC 6238 is also supported.

1. Create a Class for MFA TOTP

Select 1. Classes from the Definitions screen (STRMFA > 21). The Work with Classes screen appears. Press F6=Add new, and the Add New Class screen appears. Define TOTP as an Additional Authentication Factor by typing 1 (highest priority) in the TOTP column of the MFA row, as shown below:

                                 Add New Class
 Class . . . . . . . . . . .  TOTP
 Text  . . . . . . . . . . .  USE TOTP IN MFA
 MFA Preferred device  . . .  E           N=No MFA, C=Cell, E=Email, S=Screen
 If no screen, prefer  . . .  E           C=Cell, E=Email
 Restrict Emails to domain .

 Allow OTP instead of TOTP .  N           Y=Yes, N=No

 OAuth2/OpenID
 Add't Authentication Factor  OTP  TOTP  Qstn  App  API  Device Auth.C  Radius
 Use 1-9 to specify   MFA. .        1
 Priority (1=Highest) AOD. .
 Blank=Do not use     P-R. .
 If API, MFA provider  . . .              DUO, OKTA, PINGID...
 Private questions
 Number of private questions   0          0-10  Maximum retries    3  0=*NOMAX
 Wait before next attempt  .   60         1-999 seconds (999=No retry)
 Password-Reset
 Verify user by  . . . . . .              N=No verify, C=Cell, E=Email, M=MFA
 Get new password by . . . .              S=Screen, C=Cell, E=Email, N=Enter
 Reset your password by  . .  1           1=New pwd, 2=Enable UsrPrf, 9=Select
 Password must be changed in   10         1-999 minutes (999=*NOMAX)
 F3=Exit

Press Enter twice.

2. Edit the Person's Class to TOTP

Select 1. Persons Information from the Persons screen (STRMFA > 1). The Work with Persons screen appears.

If the Person is already defined, select the Person using option 1=Work with. The Modify Person screen appears.

If the Person is not yet defined, press F6=Add new to create a new entry. The Add New Person screen appears.

In the Modify Person/Add New Person screen, set the Class field to the TOTP Class defined earlier as shown below:

 Screen 1/2                     Modify Person

 Person  . . . . . . . . . PEPE
 IP-Group  . . . . . . . .
 External ID . . . . . . .
 Class . . . . . . . . . . TOTP                             Name, *DFT, *NEVER
 Default User ID.  . . . . PEPE
 ID. Number                555
 Birth date                010101
 Cell phone                444444444                        F4=SMS provider
 Email address             VV

 Employee number           5555
 Family name               CUEVAS
 First name                PEPINO
 Preferred language        ENG
 Office phone

 Last update / used  . . . 2023-11-13 19:55:20 / 2025-03-23 16:57:18


 F3=Exit   F4=Prompt   F12=Cancel

Press Enter three times.

3. Define the TOTP Secret Key

Select 1. Persons Information from the Persons screen (STRMFA > 1). The Work with Persons screen appears.

Select the relevant Person with option 8=TOTP. The Work with TOTP Secret Key for [Person's Name] pop-up window appears.

                               Work with Persons

 Subset by text  . . . .

 by User Profile.
 Type options, press Enter.                     by TOTP     Qst    MFA   Y,N,S

 1=Work with   3=Rename   4=Delete   7=Questions   8=TOTP   9=MFA
 Opt Person  .....................................................
             :     Work with TOTP Secret Key for PEPE            :
             :              *Key does not exist*                 :
             :  1. Create/Replace TOTP Secret Key                :
             :  2. Recreate Emergency Tokens                     :
             :  3. Display Key and Emergency Tokens              :
             :  4. Display QR code                               :
             :  5. Send Link for Key and Emergency Tokens        :
             :                                                   :
             :  Selection                                        :
             :                                                   :
             :  F12=Cancel                                       :
             :...................................................:

 8  PEPE       CUEVAS PEPINO           6        Yes
                                                                  More...
 F3=Exit    F6=Add new    F12=Cancel

From the menu, select 1. Create/Replace TOTP Secret Key. The Create New TOTP Secret Key for [Person's Name] pop-up window appears.

                               Work with Persons

 Subset by text  . . . .

 by User Profile.
 Type options, press Enter.                     by TOTP     Qst    MFA   Y,N,S

 1=Work with   3=Rename   4=Delete   7=Questions   8=TOTP   9=MFA
 Opt Person  .....................................................
             :     Work with TOTP Secret Key for PEPE            :
             : ..............................................................
             : :            Create New TOTP Secret Key for PEPE             :
             : :                                                            :
             : :  Current key . . .  * TOTP Secret Key is not defined *     :
             : :                                                            :
             : :  New key . . . . .                                         :
             : :  Press F6 to generate new key or type it manually          :
             : :  Valid characters are: letters A-Z and digits from 2 to 7  :
             : :                                                            :
             : :  Email new key . .  Y           Y=Yes, N=No                :
             : :                                                            :
               :  Press Enter to update, F12 to Cancel.                     :
               :                                                            :
    PEPE       :  F12=Cancel   F3=Exit   F6=Generate new key                :
 F3=Exit    F6=:............................................................:

You can either enter a custom TOTP Secret Key or press F6 to generate a random key.

NOTE: Valid characters are uppercase letters A–Z and digits 2–7 only.

Press Enter twice.

If a Tomcat server is configured for MFA, an email will be sent to the Person containing a link to the Web Application used to register the TOTP key.

If a Tomcat server is not in use, manually send the generated TOTP Secret Key to the Person for manual registration in their TOTP application.

4. Install the TOTP Authenticator on Mobile Device

The Person must download and install a TOTP Authenticator application on their mobile device from the appropriate app store (Google Play Store or Apple App Store).

5. Register the TOTP Secret Key in the Authenticator Application

The Person must open the TOTP Authenticator application installed on their mobile device and create a new entry using one of the following methods:

Enter a setup key manually (TOTP Secret Key previously defined).

Scan a QR code (available only if the Web Application is installed).

The QR code can be obtained in one of the following ways:

From the email sent automatically after the key was created.

By selecting 4. Display QR code in the menu of option 8=TOTP for the Person from the Persons Information screen.

This step registers the TOTP key on the mobile device and enables the generation of verification codes used during authentication.
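As an added example (not part of the product or of this page), the following Python shows what the Person's authenticator and the MFA server each compute from the key defined in step 3 and registered in step 5: it generates a key from the same A-Z / 2-7 alphabet (the RFC 4648 Base32 alphabet authenticator apps expect), builds the otpauth:// payload a QR code carries, and derives and verifies the RFC 6238 code with a small clock-skew window. The issuer label, key length and skew window are assumptions, not product settings.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

# RFC 4648 Base32 alphabet: the "letters A-Z and digits from 2 to 7" the key screen accepts.
BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def generate_secret(length=32):
    """Random key from a CSPRNG, restricted to the allowed alphabet (length is an assumption)."""
    return "".join(secrets.choice(BASE32_ALPHABET) for _ in range(length))

def validate_secret(key):
    """Reject manually typed keys containing 0, 1, 8, 9, lowercase or other characters."""
    return len(key) > 0 and all(c in BASE32_ALPHABET for c in key)

def decode_secret(key):
    """Base32-decode the key; keys are shown without '=' padding, so restore it first."""
    return base64.b32decode(key + "=" * (-len(key) % 8))

def totp_code(key, timestamp=None, step=30, digits=6):
    """RFC 6238: HOTP (RFC 4226, HMAC-SHA1) over the counter floor(timestamp / step)."""
    if timestamp is None:
        timestamp = time.time()
    counter = struct.pack(">Q", int(timestamp) // step)
    digest = hmac.new(decode_secret(key), counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                        # dynamic truncation
    binary = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)

def verify_code(key, submitted, timestamp=None, step=30, window=1):
    """Server-side check: accept the current step and +/- window steps of clock drift."""
    if timestamp is None:
        timestamp = time.time()
    ok = False
    for drift in range(-window, window + 1):
        candidate = totp_code(key, timestamp + drift * step, step)
        # Constant-time compare, no early exit, so timing does not reveal which step matched.
        ok |= hmac.compare_digest(candidate, submitted)
    return ok

def otpauth_uri(key, account, issuer="iSecurity MFA"):
    """Payload the QR code in step 5 carries so the app can import the key (issuer is assumed)."""
    label = f"{quote(issuer)}:{quote(account)}"
    return (f"otpauth://totp/{label}?secret={key}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits=6&period=30")
```

The values asserted below come from the RFC 6238 Appendix B test vectors (SHA-1, key "12345678901234567890"), which lets you confirm that a key typed into an authenticator and the server agree before enrolling real Persons.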